Complex Made Simple

Watch out! Five new and dangerous cyber attack techniques

Cyber attacks are not only increasing in frequency, but also in alarmingly sophisticated new ways. Businesses are therefore struggling to keep track of the constantly evolving threat landscape.

To address this challenge for organizations, experts from SANS, the global leader in cyber security training and research, recently revealed their list of the five most dangerous new attack techniques.

The five threats outlined are:

1-Repositories and Cloud Storage Data Leakage

Ed Skoudis, a top hacker expert at SANS Institute, talked about the data leakage threats facing us from the increased use of repositories and cloud storage:

RELATED: What data breach? Facebook shows the world how fan appeal means business

“Attackers are increasingly targeting these kinds of repositories and cloud storage infrastructures, looking for passwords, crypto keys, access tokens, and terabytes of sensitive data.”

He continued that appointing a data curator is crucial to secure important data.

2-Big Data Analytics, De-Anonymisation, and Correlation

Skoudis talked about the threat of Big Data Analytics and how attackers are using data from disparate sources and fusing it together to de-anonymise users, find business weaknesses and opportunities, or otherwise undermine an organisation’s mission.

“Defenders also need to start analysing risks associated with how their data can be combined with data from other sources to introduce business risk.”

READ: YouTube’s Spring cleaning is here: Was your video one of them?

3-Attackers Monetize Compromised Systems Using Crypto Coin Miners

Johannes Ullrich, Dean of Research at SANS Institute and Director of SANS Internet Strom Center, said that “the value of most commonly stolen data like credit card numbers has dropped significantly.”

“Attackers are instead installing crypto coin miners. These attacks are less likely to be discovered and attackers can earn tens of thousands of dollars a month from them,” he added.

4-Recognition of Hardware Flaws

Ullrich said that software developers often assume that hardware is flawless and that is a dangerous assumption.

RELATED: Bitcoin flirting with $10,000: Here’s what’s triggering this

He explains, “Developers need to learn to create software without relying on hardware to mitigate any security issues.”

“Some emerging homomorphic encryption algorithms may allow developers to operate on encrypted data without having to decrypt it first,” he added.

5-Malware and Attacks Disrupting ICS and Utilities Instead of Seeking Profit

James Lyne, Head of R&D at SANS Institute, and top UK cyber threat expert, discussed the growing trend in malware and attacks that aren’t profit centred as we have largely seen in the past, but instead, are focused on disrupting Industrial Control Systems (ICS) and utilities in the intent of  compromising the safety systems which have historically prevented critical security and safety meltdowns.

CHECK OUT: 14 million affected by Careem data breach. Are you one?

He said, “Many ICS systems lack the mitigations of modern operating systems and applications and are easy to exploit.”

“Attackers have demonstrated they have the inclination and resources to diversify their attacks. The next few years are likely to see some painful lessons being learned as this attack domain grows, since the mitigations are inconsistent and quite embryonic,”  he added.